Data Privacy & Security

by S. M. on 10 May 2015


Transcript of Data Privacy & Security

Territorial scope
Strong sanctions
International Transfers
Responsibilities
Group privilege
Problems
Current Situation
Data Privacy & Security
EU General Data Protection Regulation (GDPR)

Key Changes
Less red tape
Privacy by design
Harmonized enforcement of the rules
One counterpart for all of Europe
EU Data Protection Directive 95/46/EC
milestone in history of personal data protection
basic principles are still valid
was implemented by national law in all EU Member States
all 28 EU Member States enact their own laws based on this Directive
"Privacy Patchwork"
legal uncertainty
enforcement options are very limited
Technological Developments
Solution
GDPR will replace the 1995 Directive
Goals
Harmonization
Same data protection level for everybody
Setting global data protection standards which are fit for the digital age
More transparency for data controllers and data subjects
No "forum shopping"
Ensuring proper enforcement of the rules
State of play
January 2012:
European Commission proposed the draft GDPR
Currently:
Member States are negotiating about the draft
End of 2015:
Expected adoption
March 2014:
Parliament approved latest version of the draft
2017:
Expected effective date
no need for national implementation
direct and binding effect throughout the EU
Global Legal Conference, May 2015
Sanctions
Territorial Scope
Right to be forgotten
Right to data portability
Right to information and transparency
Informed consent
mitigating factors:
insufficient distinction
nature, gravity and duration of the violation, degree of responsibility, previous compliance road, level of damage, categories of data affected, steps taken to remedy ...
EU data protection law will be valid whenever the European market is targeted - whether from within or outside the EU
GDPR will be applicable to Non-EU-Companies processing data of EU residents where processing is related to:
covers all U.S. search engines, social networks, cloud services etc. available in the EU
will put data protection on a par with anti-trust and anti-bribery
sanctions appear way too high
elements of the offense unclear
also every U.S. business with a simple online presence is at risk
could have negative effects on the willingness to innovate
game-changer
significant fines of up to 100,000,000 € or 5% of global annual turnover
thus, companies should be discouraged from considering data protection violations
DPO
International Transfers
companies will not be allowed to hand over data from EU directly to third countries' authorities
still based on: adequacy decisions, appropriate safeguards
would make it illegal to transfer data in response to legal requirements set outside the EU
difficult for U.S. companies to comply with discovery requirements in U.S. litigation
this can only occur under mutual legal assistance treaty or similar instrument based on EU law
Group Privilege
group companies have a legitimate interest to transmit personal data within the group of businesses for internal administrative purposes
Recital no. 38a:
general principles for the transfer of personal data to third countries or international organizations remain unaffected
data processor will be considered to be a data controller, with direct liability under the Regulation, if it processes personal data other than as instructed by the data controller
processor's (joint and several) liability for breaches against DP provisions
Situation for the data subject:
Conclusion
different data protection levels across the EU